JP6155388B2 - Relay system and method for transmitting client IP address to server using encapsulation protocol - Google Patents

Description

  The present invention relates to a relay system between a client and a server via a communication network, and in particular, a relay device, for example, a wired (wireless) communication via a proxy or a gateway, a user (client) transmits. The present invention relates to a relay system (proxy, bridge router) for transmitting a prototype of a packet as it is to a destination (server) and transmitting a client IP address to a server using an encapsulation protocol and a method thereof.

The server and the user's computer (PC (personal computer)) serve as the start point or arrival point of data, and such start point or arrival point is called an ES (end system).
Such an ES is connected to a network, and a device existing between ESs is called an IS (intermediate system). The IS plays a role of guiding at the destination so that the ES can communicate with the ES. Examples of the IS include a switch and a router.

A proxy server generally refers to a computer or application program that allows a client to indirectly connect to another network server that provides a service via itself. A relay between a server and a client, which indicates a function of performing communication on behalf of the client and is referred to as a “proxy”, and one that performs the relay function is referred to as a “proxy server”.
In the case of a system using a proxy server, the proxy functionally functions like IS, but actually becomes an ES. The communication between the user's PC and the proxy and the communication between the proxy and the server are two separate networks, and the proxy only relays data. The source IP address (source IP address) of the packet header transmitted in this process becomes the IP address of the user's PC in the communication between the user PC and the proxy, and the proxy in the communication between the proxy and the server. IP address. Therefore, there is a disadvantage that the server cannot perform pre-processing of the service using the source IP address of the packet.

  The problem to be solved by the present invention is to solve the above-mentioned inconvenience, and is recorded in a packet header transmitted / received between a client or a destination server in a system using a relay server such as a proxy. Relay system (proxy, bridge router) that transmits the client's IP address to the server using the encapsulation protocol that transmits the information (IP address) of the client that sent the data with the corrected address location information to the destination server Is to provide.

Another problem to be solved by the present invention is to solve the inconvenience as described above, and in a system using a relay server such as a proxy, an address location recorded in a packet header exchanged between a client or a destination server. It is an object of the present invention to provide a relay method of transmitting client IP address to a server using an encapsulation protocol, transmitting client information (IP address) that has transmitted data after correcting information to the destination server.
Still another problem to be solved by the present invention is to provide a relay device used in a relay system that transmits an IP address of a client to a server using an encapsulation protocol.

  A relay system for transmitting a client IP address to a server using an encapsulation protocol according to the present invention for achieving the technical problem is a relay system for transmitting a client IP address to a server. A first proxy that receives a prototype packet included in the header, reconstructs the packet by attaching the prototype packet to the inside of the encapsulation packet composed of the header and the payload, using a predetermined encapsulation protocol And at least one second proxy or bridge router that extracts the original packet attached inside the encapsulated packet and transmits client IP address information to the server.

  The first proxy according to an aspect of the present invention changes a destination address of a prototype packet in which a client IP address is included in a header to a server address, and uses the predetermined encapsulation protocol to change the modified prototype. A forward packet reconstructing unit for reassembling a packet by attaching a packet to an encapsulated packet composed of a header and a payload, adding a new header to the encapsulated packet, and reconstructing the packet; A forward path control unit that transmits a packet to a destination using a preset path, wherein the at least one second proxy or bridge router removes a header of the reconstructed packet, and A reconstructed packet disassembly unit that transmits the modified original packet in the encapsulated packet to the destination. It is characterized in.

  The first proxy according to another aspect of the present invention attaches a prototype packet in which a client IP address is included in a header inside an encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol. A forward packet reconstruction unit that re-encapsulates the packet by adding a new header to the encapsulated packet; and an order in which the re-assembled packet is transmitted to a destination using a preset path. The at least one second proxy or bridge router removes the header of the reconstructed packet, and the destination address of the original packet header in the encapsulated packet of the reconstructed packet. Is included in a reassembly packet disassembly unit that changes the server address into a server address.

  The at least one second proxy or bridge router receives a server prototype packet in which a client IP address is included in a header, changes a source address of the server prototype packet header to the first proxy address, and The modified server prototype packet is attached and encapsulated inside an encapsulated packet consisting of a header and payload using a predetermined encapsulation protocol, and a new header is added to the encapsulated packet to reconfigure the server. A reverse direction packet reconfiguring unit that reconfigures the packet; and a reverse direction route control unit that transmits the server reconfigured packet to a destination using a preset route; and the first proxy includes the server The header of the reconstructed packet is removed, and the server source from which the source address is changed And further comprising a reverse reconstruction packet disassembling unit for transmitting to a destination address of the packet.

  The at least one second proxy or bridge router according to an aspect of the present invention receives a server prototype packet in which a client IP address is included in a header, and uses the predetermined encapsulation protocol for the server prototype packet. A reverse packet reconstructing unit that encapsulates the packet by attaching it to an encapsulated packet composed of a header and a payload, adds a new header to the encapsulated packet, and reconstructs it into a server reconstructed packet; A reverse path control unit that transmits a packet to a destination using a preset path, wherein the first proxy removes a header of the server reconfiguration packet and sets a source address of the server prototype packet header , After changing to the first proxy address, the changed server prototype packet The path setting, further comprising a reverse reconstruction packet disassembling unit for transmitting to a destination address of the server prototype packet.

  The relay method for transmitting the client IP address to the server using the encapsulation protocol according to the present invention for achieving the other technical problem is a method for transmitting the client IP address to the server via the relay system. The first relay device changes the destination address of the original packet in which the client IP address is included in the header to a server address; and the first relay device converts the changed original packet into a predetermined capsule. An encapsulation protocol is used to attach and encapsulate within an encapsulated packet composed of a header and a payload, add a new header to the encapsulated packet, and reconstruct the packet; and Transmitting the reconstructed packet to a destination using a preset route; Device, removes the header of the reconstructed packet, extracts the encapsulated packet, and transmitting the modified prototype packet in the encapsulated packet to the destination.

  In the packet reconstruction step according to an aspect of the present invention, the destination address of the original packet including the client IP address included in the header is changed to the server address, and then the changed original packet is changed to a predetermined encapsulation protocol. It is characterized in that it is attached to a payload of an encapsulated packet composed of a header and a payload and encapsulated, and a new header is added to the encapsulated packet to reconstruct the packet.

  According to another aspect of the present invention, the packet reconstruction step changes the destination address of the original packet in which the client IP address is included in the header to the server address, and the information included in the header of the changed original packet. Is included in the data area of the original packet, and the information included in the data area of the original packet is encapsulated by attaching it to the payload of the encapsulated packet including the header and the payload using a predetermined encapsulation protocol. The packet is reconstructed by adding a new header to the encapsulated packet.

  According to another aspect of the present invention, the packet reconstruction step includes changing the destination address of the original packet including the client IP address in the header to the server address, and then changing the client included in the changed original packet header. Is attached to the head of the encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol, and the packet is reconfigured by adding a new header to the encapsulated packet. It is characterized by that.

  The relay method for transmitting the client IP address to the server using the encapsulation protocol according to the present invention to achieve the other technical problem includes the first relay device, and the client IP address included in the header. Using a predetermined encapsulation protocol to attach and encapsulate the original packet inside an encapsulated packet made up of a header and a payload, adding a new header to the encapsulated packet, and reconfiguring the packet; The first relay device transmits the reconstructed packet to a destination using a preset route, and the second relay device removes the header of the reconstructed packet, The encapsulated packet is extracted, and the destination address of the original packet header in the extracted encapsulated packet is set as the server address. Including further comprising the steps of: a.

In the packet reconstruction step according to an aspect of the present invention, the original packet including the client IP address included in the header is attached to the payload of the encapsulated packet including the header and the payload using a predetermined encapsulation protocol. Then, the packet is encapsulated, and a new header is added to the encapsulated packet to reconstruct the packet.
According to another aspect of the present invention, the packet reconstructing step includes information included in a header of the original packet in which the client IP address is included in the header, and includes the data area of the original packet in the data area of the original packet. The included information is encapsulated by attaching it to the payload of an encapsulated packet consisting of a header and payload using a predetermined encapsulation protocol, and a new header is added to the encapsulated packet to reconstruct the packet. It is characterized by doing.

  According to still another aspect of the present invention, the packet reconstruction step uses a predetermined encapsulation protocol to convert the client IP address included in the header of the original packet including the client IP address into the header. And encapsulating the packet by appending it to the head of the encapsulated packet consisting of the packet and the payload, adding a new header to the encapsulated packet, and reconfiguring the packet.

  According to another aspect of the present invention, there is provided a data packet relay method to a client IP address using an encapsulation protocol, wherein the first relay device includes a server original packet in which the client IP address is included in a header. And changing the source address of the server prototype packet header to the first proxy address, and the first relay device converts the modified server prototype packet using a predetermined encapsulation protocol. , Encapsulating the packet by attaching it to an encapsulated packet composed of a header and a payload, adding a new header to the encapsulated packet, and generating a server reconfiguration packet; and A step of transmitting the configuration packet to a destination using a preset route, and a second relay device Wherein by removing the header of the server reconstructed packet extracts the encapsulated packet, the server prototype packets in the extracted encapsulated packet, and transmitting to a destination address of the server prototype packet.

  According to another aspect of the present invention, there is provided a data packet relay method to a client IP address using an encapsulation protocol, wherein the first relay device includes a server original packet in which the client IP address is included in a header. The server prototype packet is attached and encapsulated inside an encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol, a new header is added to the encapsulated packet, and the server Generating the reconfiguration packet, the first relay device transmitting the server reconfiguration packet to a destination using a preset route, and the second relay device transmitting the server reconfiguration packet Remove the header to extract the encapsulated packet, and the server prototype in the extracted encapsulated packet The source address in the header of the packet is changed to the first proxy address, and the second relay device transmits the changed server prototype packet to the destination address of the server prototype packet through a preset route. Including the step of:

  The relay apparatus for transmitting the client IP address to the server according to the present invention for achieving the other technical problem, after changing the destination address of the original packet including the client IP address in the header to the server address The modified original packet is attached and encapsulated inside an encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol, and a new header is added to the encapsulated packet to re-packet the packet. A forward packet reconfiguring unit to configure; and a forward route control unit for transmitting the reconstructed packet to a destination using a preset route.

The forward packet reconstructing unit according to one aspect of the present invention changes a destination address of a prototype packet in which a client IP address is included in a header to a server address, and then encapsulates the modified prototype packet with a predetermined encapsulation A protocol is used to encapsulate the packet by attaching it to a payload of an encapsulated packet composed of a header and a payload, and a new header is added to the encapsulated packet to reconstruct the packet.
The forward packet reconfiguration unit changes the destination address of the original packet in which the client IP address is included in the header to a server address, and converts the information included in the header of the original packet in the original packet The information included in the data area of the original packet is included in the data area and encapsulated by attaching to the payload of the encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol, and the encapsulated packet A new header is added to the packet to reconstruct the packet.

  According to another aspect of the present invention, the forward packet reconstructing unit includes a client IP address included in the modified original packet header after the destination address of the original packet including the header is changed to the server address. The client's IP address is encapsulated by attaching it to the header of an encapsulated packet consisting of a header and payload using a predetermined encapsulation protocol, and a new header is added to the encapsulated packet to reconstruct the packet. It is characterized by doing.

  According to the present invention for achieving the other technical problem, a relay apparatus for transmitting a client IP address to a server uses a predetermined encapsulation protocol to convert a prototype packet including a client IP address in a header. A forward packet reconstructing unit for reassembling a packet by attaching a new header to the encapsulated packet and reconfiguring the packet by attaching the encapsulated packet consisting of a header and a payload; and A forward path control unit that transmits to a destination using a preset path.

The forward packet reconstructing unit according to one aspect of the present invention uses a predetermined encapsulation protocol to convert an original packet in which a client IP address is included in a header into a payload of an encapsulated packet including a header and a payload. And encapsulating the packet, adding a new header to the encapsulated packet, and reconfiguring the packet.
The forward packet reconfiguration unit includes information included in a header of the original packet in which the client IP address is included in the header, and includes information included in the data area of the original packet. Using a predetermined encapsulation protocol, attaching to the payload of an encapsulated packet composed of a header and a payload, encapsulating, adding a new header to the encapsulated packet, and reconfiguring the packet, To do.
The forward packet reconstructing unit according to another aspect of the present invention uses a predetermined encapsulation protocol for the client IP address included in the header of the original packet in which the client IP address is included in the header, It is characterized in that it is attached to the head of an encapsulated packet consisting of a header and a payload and encapsulated, and a new header is added to the encapsulated packet to reconstruct the packet.

  A relay apparatus for transmitting a client IP address to a server according to the present invention for achieving the other technical problem receives a server prototype packet including a client IP address in a header, and transmits the server prototype packet header. After changing the source address to the first proxy address, the modified server prototype packet is attached and encapsulated inside an encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol, A reverse packet reconfiguration unit for adding a new header to the encapsulated packet and reconfiguring it into a server reconfiguration packet; and reverse path control for transmitting the server reconfiguration packet to a destination using a preset path Part;

  The relay apparatus for transmitting the client IP address to the server according to the present invention for achieving the other technical problem receives a server prototype packet including a client IP address in a header, and transmits the server prototype packet to the server. A reverse packet that uses a predetermined encapsulation protocol to attach and encapsulate within an encapsulated packet consisting of a header and payload, adds a new header to the encapsulated packet, and reconstructs it into a server reconfiguration packet A reconfiguration unit; and a reverse path control unit that transmits the server reconfiguration packet to a destination using a preset path.

  And the recording medium which can read the above-mentioned invention by the processor which recorded the program performed by a processor is provided.

According to the relay system (proxy, bridge router) and method for transmitting a client IP address to a server using an encapsulation protocol according to the present invention, a prototype of a packet is transmitted between the client and the server. In addition, the host server can provide services using information in the packet header such as the IP address of the terminal. That is, the information can be used in the server side L3 equipment.
According to the present invention, since the client and the server seem to exchange packets in the client / server communication environment without using the proxy, the existence of the proxy is not known.
Further, tunneling communication is exchanged between the two terminals, and this is possible without such modification and program installation between the terminal and the host server.
Further, according to the present invention, the use of the encapsulation protocol is advantageous in terms of security, and the encapsulated packet can be searched quickly.

1 is a block diagram of an embodiment related to a configuration of a relay system that transmits an IP address of a client to a server using an encapsulation protocol according to the present invention. FIG. FIG. 2 is a block diagram of an example related to the configuration of a proxy and a bridge router at the time of forward or reverse transmission in FIG. 1. 3 is a simplified view of a packet structure used in an embodiment of the present invention. 6 is a diagram illustrating a packet structure of the first embodiment of the relay system when the relay system according to the present invention operates in forward transmission. 6 is a diagram illustrating a packet structure of the second embodiment of the relay system when the relay system according to the present invention operates in forward transmission. 6 is a diagram illustrating a packet structure of the first embodiment of the relay system when the relay system according to the present invention operates in reverse transmission. 6 is a diagram illustrating a packet structure of the second embodiment of the relay system when the relay system according to the present invention operates in reverse transmission. It is a block diagram of one example of the proxy which comprises the relay system by this invention. It is a block diagram of one example of the bridge router which comprises the relay system by this invention. 1 is a diagram illustrating various embodiments related to a configuration of a relay system according to the present invention. 1 is a diagram illustrating various embodiments related to a configuration of a relay system according to the present invention. 1 is a diagram illustrating various embodiments related to a configuration of a relay system according to the present invention. 1 is a diagram illustrating various embodiments related to a configuration of a relay system according to the present invention. 1 is a diagram illustrating various embodiments related to a configuration of a relay system according to the present invention. It is the figure which showed the network block diagram in case the client 1 transmits a packet to the server 1 or the server 2 via the relay system by this invention. 2 is a diagram illustrating an overall operation of a relay system according to the present invention. 3 is a flowchart of an embodiment of a relay method for transmitting a client IP address to a server using an encapsulation protocol according to the present invention during forward transmission. 7 is a flowchart of another embodiment of a relay method for transmitting a client IP address to a server using an encapsulation protocol according to the present invention during forward transmission. 10 is a flowchart of an embodiment related to a relay method for transmitting a client IP address to a server using an encapsulation protocol according to the present invention after forward transmission according to FIG. 10 or FIG. is there. 10 is a flowchart of another embodiment of a relay method for transmitting a client IP address to a server using an encapsulation protocol according to the present invention during forward transmission after forward transmission according to FIG. 10 or FIG. It is. 6 is a diagram illustrating a packet processing flow in the proxy described in FIG. 5. It is drawing which showed the packet processing flow in the bridge router demonstrated in FIG. It is drawing which showed an example of the packet transmitted / received via the relay system by this invention by layer 3 among OSI 7layers. It is drawing which showed the structure of an actual general purpose TCP communication packet. 6 is a diagram illustrating a packet form in which necessary information is attached in a data area of an upper layer of TCP. It is the figure which showed the packet which attached the required information to the upper hierarchy of IP using the encapsulation protocol. FIG. 25 is a view showing a state where a packet having a form as shown in FIGS. 21 to 24 is placed in a CP payload. FIG. It is the figure which showed the packet form which attached the required information via the header L2, L3, L4 header of the lower hierarchy inside the payload area | region of the encapsulation packet using an encapsulation protocol. It is the figure which showed the packet form which attached the required client information via the lower-layer header L3, L4 header inside the payload area | region of the encapsulation packet using an encapsulation protocol. It is the figure which showed the packet form which attached the required information inside the data of an upper layer without including the header of a lower layer in the payload area | region of the encapsulation packet using an encapsulation protocol. The payload area of the encapsulated packet using the encapsulation protocol is the same as the upper layer data, that is, the necessary information is attached to the encapsulation protocol header. When the encapsulation protocol is used, the original packet 2500 transmitted by the client is referenced to generate a packet to be transmitted to the destination.

  Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. The embodiment described in the present specification and the configuration illustrated in the drawings are only a preferred embodiment of the present invention, and do not represent any technical idea of the present invention. It should be understood that there are various equivalents and variations that can be substituted for them.

The present invention provides a server with information on a client connected to a system configured using a proxy in a communication network, and in particular, server communication constructed using various relay equipment in the communication network. Provides client information on the network. At this time, the packet prototype transmitted by the connected client is provided without changing the client and the server. Here, the packet prototype is not a prototype of a packet transmitted from the client to the proxy but a packet transmitted from the client to the server when it is assumed that the client and the server communicate directly without the proxy.
FIG. 1 is a block diagram showing an embodiment related to a configuration of a relay system that transmits an IP address of a client to a server using an encapsulation protocol according to the present invention. 120 and a bridge router 130.

Here, for convenience of explanation, transmission of a packet generated by the client 110 to the server 140 via the proxy 120 and the bridge router 130 is referred to as forward transmission, and the packet generated by the server 140 is referred to as forward transmission. Transmission to the client 110 via the bridge router 130 and the proxy 120 is referred to as reverse transmission.
FIG. 2 is a block diagram showing an example of the configuration of the proxy 120, 210 and the bridge router 130, 230 at the time of forward or reverse transmission in FIG. When operating in the forward direction, the proxies 120 and 210 include a forward direction determination unit 212, a forward packet reconstructing unit 214, and a forward path control unit 216. When operating in the reverse direction, the proxy 120, 210 218.
When the bridge routers 130 and 230 operate in the forward direction, the bridge routers 130 and 230 include the forward direction reconfiguration packet disassembly unit 238. When the bridge routers 130 and 230 operate in the reverse direction, the reverse direction determination unit 232, the reverse direction packet reconfiguration unit 234, and the reverse A direction path control unit 236 is included.

  FIG. 3A shows a simple structure of a packet used in the embodiment of the present invention, and the packet is composed of three areas of SA 300, DA 302, and DATA 304. SA (source address) 300 is an area in which a source address is placed, DA (destination address) 302 is an area in which a destination address is placed, and SA and DA constitute a packet header. DATA 304 indicates an area where actual data to be transmitted is placed, and corresponds to a data area of a packet. The packet structure of FIG. 3A is equally applied in FIGS. 3B, 3C, 4A, and 4B.

  First, an embodiment relating to the configuration of the relay system 10 according to the present invention during forward transmission will be described. In forward transmission, the relay system 10 according to the present invention includes proxies 120 and 210 and bridge routers 130 and 230, and the bridge router 130 includes at least one proxy and bridge router.

The proxies 120 and 210 receive the original packet in which the IP address of the client 110 is included in the header, and use the predetermined encapsulation protocol to encapsulate the original packet in the encapsulated packet composed of the header and the payload. Attach and reassemble the packet. The bridge router 130 extracts the original packet attached inside the encapsulated packet and transmits the client IP address information to the server 140.
FIG. 3B shows a packet structure of the first embodiment of the relay system when the relay system 10 according to the present invention operates in forward transmission. The numeral 1 in the packet indicates the IP address of the client, 2 indicates the IP address of the proxy 120, 4 indicates the IP address of the server, and D indicates the data area.

  The proxies 120 and 210 include a forward direction determination unit 212, a forward packet reconstruction unit 214, and a forward path control unit 216.

  The forward direction determination unit 210 determines whether or not the original packet 320 needs to be changed, and requests the packet change if the original packet 320 needs to be changed. Here, the original packet 320 includes the IP address 1 of the client 110 in the SA area of the header, the DA area includes the proxy IP address 2, and the data area DATA includes data. It is.

  When there is a packet change request from the forward direction determination unit 212, the forward packet reconfiguration unit 214 encapsulates the original packet 320 and creates a reconfiguration packet 330. More specifically, the forward packet reconstructing unit 214 changes the destination address of the original packet in which the client IP address is included in the header to the server address. That is, the destination address 2 of the original packet header is changed to the server address 4. Thereafter, using the predetermined encapsulation protocol, the modified original packet is attached to the inside of the encapsulated packet composed of the header and the payload, and encapsulated. A new header is added to the encapsulated packet to generate a reconstructed packet 330. The new header is the header of the reconfiguration packet 330, the SA area includes the proxy IP address 2 as the source address, and the DA area includes the server IP4 as the destination address. Reference numeral 332 indicates an original packet in which the destination address encapsulated in the reconstructed packet 370 is changed. The new header includes the IP address 2 of the proxy 120 as a source address in the SA area, and the IP address 4 of the server 140 as a destination address in the DA area.

The forward path control unit 216 transmits the reconstructed packet 330 to a destination using a preset path.
At this time, the bridge routers 130 and 230 include a forward reconfiguration packet disassembly unit 238. The forward reconfiguration packet disassembly unit 238 removes the header of the reconfiguration packet 330 (displayed by a dotted line), and the reconfiguration The modified original packet in the packet encapsulation packet is transmitted to the destination server 140. Reference numeral 340 indicates a packet after the header of the reconstructed packet 330 is removed (indicated by a dotted line) in the bridge router 130. Reference numeral 350 indicates a packet received by the server 140. Here, the bridge router 130 includes at least one second proxy or bridge router. During the above-described forward transmission, the first embodiment of the relay system is characterized in that the proxy 120 changes the destination address 2 of the original packet 320 and encapsulates it.
The configuration of the second embodiment of the relay system according to the present invention during forward transmission will be described. In forward transmission, in the second embodiment of the relay system, the destination address 2 of the original packet 320 is changed by the bridge router 130 without being changed by the proxy 120.

FIG. 3C shows a packet structure of the second embodiment of the relay system when the relay system 10 according to the present invention operates in forward transmission. The number 1 in the packet indicates the IP address of the client, 2 indicates the IP address of the proxy 120, 4 indicates the IP address of the server 140, and D indicates the data area.
2 and 3C, the forward direction determination unit 212 determines whether or not the original packet 360 needs to be changed. If the packet change is necessary, the forward direction determination unit 212 requests the packet change.

If there is a packet change request from the forward direction determination unit 212, the forward packet reconfiguration unit 214 reconfigures the original packet 360 into the reconfiguration packet 370. More specifically, the forward packet reconstructing unit 214 uses a predetermined encapsulation protocol to convert the original packet in which the client IP address is included in the header into an encapsulated packet consisting of a header and a payload. And encapsulating the packet, adding a new header to the encapsulated packet, and reconfiguring the packet.
Reference numeral 372 indicates an original packet encapsulated within the reconstructed packet 370. The new header is the header of the reconfiguration packet 330, the SA area includes the proxy IP address 2 as the source address, and the DA area includes the server IP4 as the destination address.
The forward route control unit 216 transmits the reconstructed packet to a destination using a preset route.

  Each of the bridge routers 130 and 230 includes a forward reconfiguration packet disassembly unit 238. The forward reconfiguration packet disassembly unit 238 removes the header of the reconfiguration packet 370 and stores it in the data area of the reconfiguration packet 370. The destination address of a certain prototype packet header is changed to a server address. That is, the proxy IP address 2 in the DA area of the original packet is changed to the server IP address 4. Reference numeral 382 indicates that the destination address 2 of the original packet has been changed to the IP address 4 of the server. Here, the bridge routers 130 and 230 include at least one second proxy or bridge router.

Next, an embodiment related to the configuration of the relay system 110 according to the present invention during reverse transmission will be described.
FIG. 4A shows a packet structure of the first embodiment of the relay system when the relay system 10 according to the present invention operates in reverse transmission. The numeral 1 in the packet indicates the IP address of the client, 2 indicates the IP address of the proxy 120, 3 indicates the IP address of the bridge router 130, 4 indicates the IP address of the server 140, and D indicates the data area.
In reverse transmission, the configuration of the first embodiment of the relay system according to the present invention includes bridge routers 130 and 230 and proxies 120 and 210. The bridge routers 130 and 230 include at least one proxy and bridge router.
As illustrated in FIG. 2, the bridge routers 130 and 230 include a reverse packet reconfiguration unit 234 and a reverse path control unit 236, and may further include a reverse direction determination unit 232.

With reference to FIGS. 2 and 4A, the configuration of the first embodiment of the relay system according to the present invention during reverse transmission will be described.
The reverse direction judgment unit 232 receives the server prototype packet 440, judges whether or not the server prototype packet 440 needs to be changed, and requests a packet change if the packet change is necessary. The server prototype packet 440 includes the IP address of the client 110 in the header, the SA area of the header includes the IP address of the server 140, and the DA area of the header includes the IP address 1 of the client 110. The data area includes data D that the server 140 transmits to the client 110.
If there is a packet change request from the reverse direction determination unit 232, the reverse packet reconfiguration unit 234 receives the server original packet including the client IP address in the header, and determines the source address of the server original packet 440 header, After changing to the proxy 120, 210 address, using the predetermined encapsulation protocol, the changed server prototype packet is attached inside the encapsulated packet consisting of a header and a payload, and encapsulated. A new header is added to the encapsulated packet, and the packet is reconfigured into a server reconfiguration packet.

Referring to FIG. 4A, the server prototype packet 440 includes the server IP address 4 in the SA area and the client IP address 1 in the DA area. The reverse packet reconstructing unit 214 encapsulates the server prototype packet 440, adds a new header to the encapsulated server prototype packet 432, and generates a reconstructed packet 430. The new header includes the IP address 4 of the server 140 in the SA area and the IP address 2 of the proxy 120 in the DA area.
The reverse path control unit 236 transmits the server reconfiguration packet 430 to a destination using a preset path.

The proxies 120 and 210 further include a reverse reconfiguration packet disassembly unit 218. The reverse reconfiguration packet disassembly unit 218 removes the header of the server reconfiguration packet 430, and uses the already set route to change the changed server. The client IP address 1 included in the DA area of the original packet 422 header is used for transmission to the client 110.
A second embodiment relating to the configuration of the relay system 110 according to the present invention during reverse transmission will be described.

FIG. 4B shows a packet structure of the second embodiment of the relay system when the relay system 10 according to the present invention operates in reverse transmission. The numeral 1 in the packet indicates the IP address of the client, 2 indicates the IP address of the proxy 120, 3 indicates the IP address of the bridge router 130, 4 indicates the IP address of the server 140, and D indicates the data area.
In reverse transmission, the configuration of the second embodiment of the relay system according to the present invention includes bridge routers 130 and 230 and proxies 120 and 210. The bridge routers 130 and 230 include at least one proxy and bridge router.
As illustrated in FIG. 2, the bridge routers 130 and 230 include a reverse packet reconfiguration unit 234 and a reverse path control unit 236, and may further include a reverse direction determination unit 232.

With reference to FIG.2 and FIG.4B, the structure of 2nd Embodiment of the relay system by this invention at the time of reverse transmission is demonstrated.
The reverse direction judgment unit 232 receives the server prototype packet 440, judges whether or not the server prototype packet 440 needs to be changed, and requests a packet change if the packet change is necessary. The server prototype packet 440 includes the IP address of the client 110 in the header, the SA area of the header includes the IP address of the server 140, and the DA area of the header includes the IP address 1 of the client 110. The area includes data D that the server 140 transmits to the client 110.
When there is a packet change request from the reverse direction determination unit 232, the reverse packet reconfiguration unit 234 receives the server original packet including the client IP address in the header, and transmits the server original packet to a predetermined encapsulation protocol. Is used to attach and encapsulate in an encapsulated packet composed of a header and a payload, a new header is added to the encapsulated packet, and the server reconstructed packet 470 is reconstructed. The new header includes the IP address 4 of the server 140 in the SA area and the IP address 2 of the proxy 120 in the DA area.

Then, the reverse route control unit 236 of the bridge routers 130 and 230 transmits the server reconfiguration packet 470 to the destination using the already set route.
The proxies 120 and 210 further include a reverse packet disassembly unit 218. The reverse packet disassembly unit 218 removes the header of the server reconfiguration packet 470, changes the source address of the server original packet header 472 to the proxy address 2 with the server address 4, and then changes the server original packet. 462 is transmitted to the client 110 using the client IP address 1 which is the destination address of the modified server prototype packet 462.

FIG. 5 is a block diagram illustrating an example of a proxy constituting the relay system according to the present invention. The first transmission / reception unit 510, the determination unit 520, the blocking unit 530, the packet changing unit 540), and the second transmission / reception unit. Unit 550, status report unit 560, and setting unit 570.
The first transmission / reception unit 510 generates a session and relays the packet to a set destination. The determination unit 520 determines whether to modulate / demodulate and encapsulate / decapsulate the input packet at the front end or the rear end. The blocking unit 530 determines whether or not an abnormal packet is normally processed and blocked. The packet changing unit 540 is a module that changes a transmitted packet, and performs encapsulation or decapsulation. The encapsulatin or decapsulation will be described later.
The status report unit 560 is a module that reports the status of the apparatus and the presence / absence of an abnormality. The setting unit 570 is a module that stores a processing policy in an input packet or an output packet. Here, the blocking unit 530 can be excluded depending on the configuration environment of the relay system.

FIG. 6 is a block diagram illustrating an example of a bridge router constituting the relay system according to the present invention. The first transmission / reception unit 610, the determination unit 620, the packet change unit 630, the determination unit 640, and the second transmission / reception unit. Unit 650, status report unit 660, and setting unit 670.
The first transmission / reception unit 610 relays the packet to a destination set by generating a session. The determination units 620 and 640 determine modulation / demodulation and encapsulation / decapsulation for the input packet at the front end or the rear end. The packet changing unit 630 is a module that changes a transmitted packet, and performs encapsulation or decapsulation. Encapsulatin or decapsulation will be described later.
The status reporting unit 660 is a module that reports the status of the apparatus and the presence / absence of an abnormality. The setting unit 670 is a module that stores a processing policy in an input packet or an output packet.

  7A to 7E show various embodiments related to the configuration of the relay system according to the present invention, and at least two relay devices or proxy software must exist. The relay apparatus is configured to be coupled to a client or a server according to various network environments, and may be used as a separate apparatus installed in a network such as a client or a server or another network.

  7A, the relay system for packet transmission / reception between the client 710 and the server 716 includes a proxy 712 and a bridge router 714. In FIG. 7B, the packet transmission / reception between the client 720 and the server 726 is performed. The relay system includes proxy software 721, a proxy 722, and a bridge router 724 installed on the client. 7C, a relay system for packet transmission / reception between the client 730 and the server 736 includes a proxy 732 and a proxy 734. In FIG. 7D, relaying for packet transmission / reception between the client 740 and the server 744 is performed. The system is composed of a proxy 742 and proxy software 745 installed on the server 744, which substitutes for the functionality of the bridge router 714 of FIG. 7A. In FIG. 7E, the relay system for packet transmission / reception between the client 750 and the server 758 includes a bridge router 752, a proxy 754, and a bridge router 756.

  FIG. 8 shows a network configuration diagram when the client 1 800 transmits a packet to the server 1880 or the server 2 890 through the relay system according to the present invention including the proxy 830, the router 840, and the bridge router 850. It is. When the client 1 800 queries the server 1 880 via the proxy 830, the proxy 830 modifies the destination IP address of the packet transmitted by the client 1800, adds it to the data area, and transmits it to the router 840. The bridge router 850 determines the information of the client 1800 using the proxy 830 and whether or not the proxy 830 is used through the packet modification, and then transmits the packet to the server 1 880 and sends the response of the server 1 880 to the proxy 830. Relay.

  The client 2 860 requests the service via the server 1 880 or the server 2 890 without using the relay system according to the present invention, and shows a case where the service is provided. If client 2860 directly queries server 2 890 without going through proxy 830, bridge router 850 can bypass server 2 890 without modification of the packet. When the destinations of the client 1 and the client 2 are not the server 1 880 or the server 2 890, they are bypassed as they are.

  FIG. 9 shows the overall operation of the relay system according to the present invention. The relay system according to the present invention that exists in the client 910 and the server 940 includes a proxy 920 and a bridge router 930, and when the client 910 queries the server 940, the proxy 920 sends the destination IP address of the packet transmitted by the client 910. After being corrected, it is added to the data area (encapsulation) and transmitted to the bridge router 930. The bridge router 930 learns that the packet has been modified, determines the information of the client 910 using the proxy 920 and whether the proxy 920 is used, and then removes the header added by the proxy 920 (decapsulation). The packet is transmitted to the server 940 and the response of the server 940 is relayed to the proxy 920.

  When the client 950 requests a service to the server 970 and provides the service between the client 950 and the server 970 without using the relay system according to the present invention, the bridge does not go through the proxy. Packet transmission / reception is performed via the router 960 without modification of the packet.

FIG. 10 is a flowchart illustrating an embodiment of a relay method for transmitting a client IP address to a server using an encapsulation protocol according to the present invention during forward transmission.
First, the first relay apparatus receives the original packet including the client IP address in the header via the packet transmission / reception unit (step S1010), and the original packet needs to be changed via the forward direction determination unit. If it is necessary to change the original packet, a packet change is requested (step S1010).

  If there is a packet change request through the forward packet modulation unit, the first relay device changes the destination address of the original packet header to a server address (S1020), and then the first relay device Then, the modified original packet is encapsulated by attaching it to an encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol (S1030), and a new header is added to the encapsulated packet. Is added, a reconstructed packet is generated, and the modulated packet is transmitted to the destination using the preset path via the forward path control unit (step S1040).

  The second relay device removes the header of the reconstructed packet, extracts the encapsulated packet (S1050) through the forward reconstructed packet disassembly unit, and changes the prototype in the encapsulated packet. The packet is transmitted to the destination (step S1060). It is determined whether or not the original packet needs to be changed (S1010). If the original packet is not changed, the original packet is not modulated and transmitted along the already set route (S1070). ).

FIG. 11 is a flowchart illustrating another embodiment of a relay method for transmitting a client IP address to a server according to the present invention during forward transmission.
First, the first relay device receives the original packet including the client IP address in the header via the packet transmission / reception unit (step S1100), and the forward direction determination unit determines whether the original packet needs to be changed. If it is necessary to change the original packet, a packet change request is made.

  If there is a packet change request via the forward packet reconstructing unit, the first relay device uses a predetermined encapsulation protocol to convert the original packet including the client IP address into the header. And encapsulating it in the encapsulated packet consisting of the packet and the payload (step S1120), adding a new header to the encapsulated packet, generating a reconstructed packet, via the forward path control unit, The reconstructed packet is transmitted to a destination using a preset route (S1130).

  Thereafter, the second relay device receives the reconstructed packet, removes the header of the reconstructed packet via the forward reconstructed packet disassembly unit, extracts the encapsulated packet (step S1140), and extracts the extracted packet. The destination address of the original packet header in the encapsulated packet is changed to the server address (step SS1150). Thereafter, the modified original packet in the data area of the reconstructed packet is transmitted to a destination (operation S1160). If it is determined whether or not the original packet needs to be changed (step S1110), and if the original packet change is not necessary, the original packet is not modulated and transmitted along the already set route (step S1170). ).

In FIG. 10, when the original packet is encapsulated using the encapsulation protocol, steps S1020 to S1040 in FIG. 10 are as follows.
In the forward packet reconfiguration, the destination address of the original packet in which the client IP address is included in the header is changed to the server address in the first embodiment as in the packet form illustrated in FIG. 18 or FIG. Thereafter, the modified original packet is attached to the inside of the encapsulated packet (1830 and 1840 in FIG. 18 or 1920 and 1930 in FIG. 19) using a predetermined encapsulation protocol. The packet is reconstructed by adding a new header to the encapsulated packet.

  In FIG. 11, when the original packet is encapsulated using the encapsulation protocol, the steps S1120 and S1130 in FIG. 11 are as follows. As shown in FIG. 18 or FIG. 19, the forward packet restructuring unit 214, as the second embodiment, converts the original packet including the client IP address in the header without changing the destination address. Using a predetermined encapsulation protocol, the packet is attached and encapsulated inside an encapsulated packet (1830 and 1840 in FIG. 18 or 1920 and 1930 in FIG. 19) consisting of a header and a payload, and a new packet is added to the encapsulated packet. The header is added and the packet is reconstructed.

  More specifically, in the forward packet reconfiguration in FIG. 10 and FIG. 11, the client information carried in the modified original packet is attached to the payload of the encapsulated packet or attached to the header. .

  FIG. 21 and FIG. 22 show an example when the client information carried in the original packet whose forward packet reconfiguration is changed is attached to the payload of the encapsulated packet. At this time, in the forward packet reconfiguration in FIG. 10, after changing the destination address of the original packet whose client IP address is included in the header to the server address, the changed original packet is changed to a predetermined encapsulation protocol. Is attached to the payload of an encapsulated packet composed of a header and a payload and encapsulated, and a new header is added to the encapsulated packet to reconstruct the packet. Further, the forward packet reconfiguration in FIG. 11 uses the original packet as it is without changing the destination address of the original packet whose client IP address is included in the header to the server address. Then, it is also made by attaching to the payload of the encapsulated packet composed of the header and the payload and encapsulating it, adding a new header to the encapsulated packet, and reconfiguring the packet.

  FIG. 23 shows another example in which the client information carried on the original packet whose forward packet reconfiguration is changed is attached to the payload of the encapsulated packet. At this time, the forward packet reconfiguration in FIG. 10 is as follows. After changing the destination address of the prototype packet in which the client IP address is included in the header to the server address, and including the information included in the header of the modified prototype packet in the data area of the prototype packet, the prototype packet The information 2310 contained in the data area of the packet is encapsulated by attaching it to the payload 2300 of the encapsulated packet composed of the header and the payload using a predetermined encapsulation protocol, and a new header is added to the encapsulated packet. Add and reassemble the packet. Further, in the forward packet reconfiguration in FIG. 11, the information included in the header of the original packet is changed without changing the destination address of the original packet in which the client IP address is included in the header to the server address. After being included in the data area of the original packet, the information 2310 included in the data area of the original packet is attached to the payload 2300 of the encapsulated packet including the header and the payload using a predetermined encapsulation protocol. This is also done by encapsulating and adding a new header to the encapsulated packet to reconstruct the packet.

  FIG. 24 shows a case where the client information included in the modified original packet is attached to the header of the encapsulated packet for forward packet reconstruction. At this time, in the forward packet reconfiguration in FIG. 10, after changing the destination address of the original packet in which the client IP address is included in the header to the server address, the client included in the changed original packet header is changed. The IP address is encapsulated by attaching it to the header 2010 of the encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol, and a new header is added to the encapsulated packet to reconstruct the packet. It also depends on. Further, in the forward packet reconfiguration in FIG. 11, the IP address of the client included in the original packet header without changing the destination address of the original packet including the client IP address in the header to the server address. Is attached to the header 2010 of the encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol, encapsulated, and a new header is added to the encapsulated packet to reconstruct the packet. Made.

FIG. 12 is a flowchart illustrating an embodiment of a relay method for transmitting a client IP address to a server according to the present invention during forward transmission after forward transmission according to FIG. 10 or FIG. It is.
First, the first relay device receives a server prototype packet in which the client IP address is included in the header via the packet transmitting / receiving unit (step S1200), and the server prototype packet change is performed via the reverse direction judging unit. It is determined whether or not it is necessary, and if a packet change is necessary, a packet change is requested (step S1210).

  If there is the packet change request, the first relay device changes the source address of the server prototype packet header to the first proxy address through the reverse packet modulator (step S1220), The relay apparatus encapsulates the modified server prototype packet by attaching it to an encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol (step S1230). A new header is added, a server reconfiguration packet is generated, and the server reconfiguration packet is transmitted to the destination using the already set route via the reverse path control unit (step S1240).

  Thereafter, the second relay device removes the header of the server reconfiguration packet through the reverse reconfiguration packet disassembly unit to extract the encapsulated packet (operation S1250), and the second relay device is in the extracted encapsulated packet. The server prototype packet is transmitted to the destination address of the server prototype packet (S1260).

  If it is determined whether or not the server prototype packet needs to be changed (step S1210), and if the server prototype packet does not need to be changed, the server prototype packet is transmitted along the already set route without being modulated. (Step S1270).

FIG. 13 is a flowchart illustrating another embodiment of the relay method for transmitting the client IP address to the server according to the present invention after the forward transmission according to FIG. 10 or FIG. 11 is performed. Is.
First, the first relay device receives a server prototype packet in which the client IP address is included in the header via the packet transmitting / receiving unit (step S1300), and the server prototype packet change is performed via the reverse direction judging unit. It is determined whether or not it is necessary, and if a packet change is necessary, a packet change is requested (step S1310).

  If there is the packet change request, the first relay device receives a server prototype packet including a client IP address in a header via a reverse packet reconfiguration unit, and sends the server prototype packet to a predetermined packet Using the encapsulation protocol, it is attached inside the encapsulated packet consisting of a header and payload and encapsulated (step S1320), and a new header is added to the encapsulated packet to generate a server reconfiguration packet. Thereafter, the server reconfiguration packet is transmitted to the destination using the preset route via the reverse route control unit (step S1330).

Thereafter, the second relay apparatus receives the server modulation packet through the reverse reconfiguration packet disassembly unit, removes the header of the server modulation packet, extracts the encapsulated packet (operation S1340), and extracts the extracted packet. The source address in the header of the server prototype packet in the encapsulated packet is changed to the first proxy address (S1350). The second relay device transmits the changed server prototype packet to the destination address of the server prototype packet through a preset route (step S1360).
If it is determined whether or not the server prototype packet needs to be changed (step S1310), and if the server prototype packet does not need to be changed, the server prototype packet is transmitted along the preset route without being modulated. (Step S1370).

  FIG. 14 shows a packet processing flow in the proxy described in FIG. First, when the first transmission / reception unit 510 receives a packet (step S1400), the setting unit 570 determines a packet processing policy (step S1410). After determining whether or not the received packet is a normal packet (step S1420), if it is not a normal packet, the blocking unit 530 blocks the packet transmission and ends.

  If the received packet is a normal packet, the determination unit 520 determines whether or not packet reconfiguration is necessary (operation S1430). If packet reconfiguration is necessary, the packet is reconfigured (S1440), and the reconfigured packet is transmitted (S1450). If packet reconstruction is not necessary, the packet is transmitted without reconstructing the received packet (step S1460).

FIG. 15 shows a packet processing flow in the bridge router described in FIG. First, when the first transmission / reception unit 610 receives a packet (S1500), the setting unit 670 determines a packet processing policy (S1510). If packet reconfiguration is necessary (S1520), the packet is reconfigured (S1530), and the reconfigured packet is transmitted (S1540). If packet reconstruction is not necessary, the packet is transmitted without reconstructing the received packet (step S1550).
FIG. 16 shows an example of a packet transmitted / received via the relay system according to the present invention as layer 3 of OSI 7 layers.

Meanwhile, a practical implementation example related to the process of encapsulation and decapsulation through communication between a server and a client to which the relay system according to the present invention is applied will be described.
FIG. 17 shows the structure of an actual general-purpose TCP communication packet, which is composed of a Mac header 1700, an IP header 1710, a TCP header 1720, upper layer data 1730, and an FCS 1740.

  First, referring to FIG. 1, it is assumed that the client 110 transmits TCP information and the server 140 responds. Encapusulation and decapusulation in forward transmission will be described. Referring to FIG. 1, data transmitted from the client 110 to the proxy 120 is a packet having the form illustrated in FIG. 17. The source address (source address) of the L3 IP header 1710 corresponding to layer 3 of the OSI 7 layer is the address of the client 110, and the destination address (destination address) is the IP address of the proxy 120. Similarly, the source port of the L4 TCP header 1720 that is layer 4 is the departure port of the client 110, and the destination port is the bound port of the proxy 120.

The proxy 120 attaches the information of the client 110 to the packet to be transmitted using the information of the client 110 accessing the proxy 120 using the encapsulation protocol according to the set value. Such a packet is reconstructed, which is called encapsulation.
Here, in the client 110, it is possible to encapsulate in software, but in such a case, the proxy 120 bypasses without performing separate encapsulation. Further, the encapsulation can be performed by the proxy 120 in the client 110 without being performed by software. At this time, the set value in the proxy 120 is a value indicating whether the encapsulation is processed by software in the client 110 or whether the encapsulation is performed in the proxy 120.

FIG. 25 shows a case where a packet for transmission to a destination is generated with reference to the original packet 2500 transmitted by the client when the encapsulation protocol is used.
Referring to FIG. 25, the position to be attached is set as shown in FIG. 18 or 19 using an encapsulation protocol. In FIG. 25, the modulation of the original packet means that when the original packet 2500 is generated in the packet 2510 for transmission to the destination, the CP payload 2520 includes a packet of the form shown in FIGS. 21 to 24 in the original packet 2500. Means that can be placed. That is, in the original packet transmitted by the client, the destination information is changed to the address of a server that is not a proxy.
More specifically, client information is included in the CP headers 1830 and 1920 as shown in FIG. 24, or client information is attached in the CP payloads 1840 and 1930 as shown in FIGS. . FIG. 20 shows that a packet having a form as shown in FIGS. 21 to 24 is placed inside the CP payload. There are many other cases, and what is important is that the proxy 120 attaches the client information inside the packet using an encapsulation protocol. The original packet modulation function is performed by either the proxy or the bridge router.

  The encapsulation described above is composed of the forward packet reconstructing unit of the relay apparatus according to the present invention. Here, the relay device is the proxy 120 or 210 or the bridge router 130 or 230 illustrated in FIGS. 1 and 2. The relay apparatus according to the present invention includes a forward packet reconstructing unit 214 and a forward packet path control unit 216.

  As in the first embodiment, the forward packet reconstructing unit 214 uses the destination address of the original packet in which the client IP address is included in the header as the server address, as in the packet form illustrated in FIG. After the modification, the modified original packet is attached inside the encapsulated packet (1830 and 1840 in FIG. 18 or 1920 and 1930 in FIG. 19) composed of a header and a payload using a predetermined encapsulation protocol. Then, the packet is reconstructed by adding a new header to the encapsulated packet.

As shown in FIG. 18 or FIG. 19, the forward packet restructuring unit 214, as the second embodiment, converts the original packet including the client IP address in the header without changing the destination address. Using a predetermined encapsulation protocol, the packet is attached and encapsulated inside an encapsulated packet (1830 and 1840 in FIG. 18 or 1920 and 1930 in FIG. 19) consisting of a header and a payload, and a new packet is added to the encapsulated packet. The header is added and the packet is reconstructed.
Then, the forward path control unit transmits the reconfigured packet to the destination using the preset path.
More specifically, the forward packet reconstructing unit 214 attaches the client information included in the modified original packet to the payload of the encapsulated packet or attaches it to the header.

  FIG. 21 and FIG. 22 show an example of the case where the client information carried on the modified original packet is attached to the payload of the encapsulated packet by the forward packet reconstructing unit 214. At this time, the forward packet reconstructing unit changes the destination address of the original packet whose client IP address is included in the header to the server address, and then uses the predetermined original protocol for the changed original packet. Then, it is attached to the payload of an encapsulated packet composed of a header and a payload and encapsulated, and a new header is added to the encapsulated packet to reconstruct the packet. In addition, the forward packet reconstructing unit uses a predetermined encapsulation protocol as it is without changing the destination address of the original packet whose client IP address is included in the header to the server address. Can be attached to the payload of an encapsulated packet made up of a packet and a payload, encapsulated, and a new header can be added to the encapsulated packet to reconstruct the packet.

  FIG. 23 shows another example of the case where the client information placed on the modified original packet is attached to the payload of the encapsulated packet by the forward packet reconstructing unit 214. At this time, the forward packet reconfiguration unit changes the destination address of the original packet whose client IP address is included in the header to the server address, and converts the information included in the header of the changed original packet into the original packet. After being included in the data area of the packet, the information 2310 included in the data area of the original packet is attached to the payload 2300 of the encapsulated packet including the header and the payload using a predetermined encapsulation protocol. The packet is reconstructed by adding a new header to the encapsulated packet. In addition, the forward packet reconstructing unit does not change the destination address of the original packet in which the client IP address is included in the header to the server address, but converts the information included in the header of the original packet to the original packet. After being included in the data area, the information 2310 included in the data area of the original packet is attached to the payload 2300 of the encapsulated packet composed of the header and the payload using a predetermined encapsulation protocol, and encapsulated. The packet can be reconstructed by adding a new header to the encapsulated packet.

  FIG. 24 shows a case where the client information carried in the original packet changed by the forward packet reconstruction unit 214 is attached to the header of the encapsulated packet. At this time, the forward packet reconfiguration unit changes the destination address of the original packet whose client IP address is included in the header to the server address, and then changes the IP address of the client included in the changed original packet header. Using a predetermined encapsulation protocol, the packet is reattached to the header 2010 of the encapsulated packet made up of a header and a payload, and the packet is reconfigured by adding a new header to the encapsulated packet. Further, the forward packet reconstructing unit does not change the destination address of the original packet whose client IP address is included in the header to the server address, but sets the IP address of the client included in the original packet header as the predetermined address. It is also possible to recapsulate a packet by attaching it to a header 2010 of an encapsulated packet made up of a header and a payload and encapsulating it, and adding a new header to the encapsulated packet.

  When the relay device according to the present invention is the bridge router of FIG. 2, it may further include a backward packet reconstructing unit 234. At this time, the reverse packet reconfiguration unit receives the server original packet including the client IP address in the header, changes the source address of the server original packet header to the first proxy address, and then changes the change. The server prototype packet is encapsulated by using a predetermined encapsulation protocol and attached inside the encapsulated packet composed of a header and a payload, a new header is added to the encapsulated packet, and a server reconfiguration packet Reconfigure to Further, the reverse packet reconfiguration unit receives a server prototype packet including a client IP address included in a header, and does not change the source address of the server prototype packet header to a first proxy address, but the server prototype Using a predetermined encapsulation protocol, a packet is attached and encapsulated inside an encapsulated packet composed of a header and a payload, a new header is added to the encapsulated packet, and the packet is reconfigured into a server reconfiguration packet. You can also.

  On the other hand, if decapsulation is described in forward transmission, the bridge router 130 detects a packet directed to the server 140 and extracts information of the attached client 110.

When client information is carried in the CP payloads 1840 and 1930 using the encapsulation protocol, that is, when the header of the lower layer modified in advance is included in the CP payloads 1840 and 1930, the CP header And the data at the front end of the CP header are removed, and the contents of the CP payload are transmitted to the server.
When client information is placed in the CP headers 1830 and 1920 using the encapsulation protocol, the information (source address, source port) of the L3IP header and the L4 TCP header is corrected after removing the CP header.
At this time, the information of the client 110 and the information of the proxy 120 that is the actual data transmission location are recorded in the address table. Thereafter, the information of the client 110 is used to reconstruct the packet into a form as shown in FIG. 17, which is called decapsulation.
The departure point information of the packet arriving at the server 140 becomes the information of the client 110 as intended in the present invention, and the server 140 uses the information.

  Here, the decapsulation differs depending on the method of attaching client information in the encapsulation. What is important in the present invention is that the information of the packet routed to the server 140 is extracted and the departure point is modulated to the client, and the client information of the modulated packet and the proxy 120 which is the actual transmission point Caching information.

  Next, encapusulation and decapusulation in reverse transmission will be described. Referring to FIG. 1, the server 140 transmits data to the client 110 as a response. Here, the data received by the server 140 is data requested from the proxy 120, but the packet is modulated by the bridge router 130, and the response data of the server 140 is transmitted to the source address of the requested data.

The bridge router 130 searches the address table list for the destination address of the outbound packet that is an output packet. Here, the address table is eight tables of the information of the client 110 recorded by the forward transmission and the information of the actual data transmission location. If there is a matching address, the bridge router 130 reconfigures the packet using the information. Here, in order to perform normal network communication, the destination is changed to an actual data transmission place that is not a client.
The proxy 120 relays the received packet to the client 110 after decapsulating the received packet into the form shown in FIG. The packet origin information is changed to the information of the proxy 120.
The client 110 receives a response packet from the proxy 120.

  The present invention can be embodied in a computer-readable recording medium with a code readable by a computer (including any device having an information processing function). Computer-readable recording media include all types of recording devices that store data that can be read by a computer system. Examples of the computer-readable recording device include a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk, and an optical data storage device.

  Although the present invention has been described with reference to the embodiments illustrated in the drawings, they are merely exemplary and various modifications and other equivalents will occur to those of ordinary skill in the art. It will be appreciated that embodiments are possible. Therefore, the technical protection scope of the present invention is defined by the technical idea of the claims.

  It can be used for a relay system between a client and a server via a communication network. In particular, the present invention can be used in a relay system (proxy, bridge router) that transmits a client IP address to a server during wired / wireless communication via a relay device, for example, a proxy or a gateway.

Claims (18)

In a relay system that transmits a client IP address to a server,
The original packet in which the IP address of the client is included in the header is received, and the original packet is attached to the inside of the encapsulated packet composed of the header and the payload, and the packet is re-attached. A first proxy to configure;
The extracts original packet attached to the internal encapsulated packet, looking containing at least one second proxy or bridge router transmits the IP address information of the client to the server, and
The first proxy is
The destination address of the original packet including the client IP address in the header is changed to the server IP address, and the changed original packet is put into the encapsulated packet composed of the header and the payload by using a predetermined encapsulation protocol. Attach and encapsulate, re-configure the packet by adding a new header whose destination address is the server IP address to the encapsulated packet, or a prototype packet containing the client IP address in the header, Using a predetermined encapsulation protocol, the packet is attached and encapsulated inside an encapsulated packet consisting of a header and a payload, and a new header whose destination address is the server IP address is added to the encapsulated packet. Reconstructing forward packet reconstruction unit ,
A forward path control unit that transmits the reconstructed packet to a destination using a preset path, and
The at least one second proxy or bridge router is
Remove the header of the reconstructed packet and transmit the modified original packet in the encapsulated packet of the reconstructed packet to the destination, or remove the header of the reconstructed packet and encapsulate the reconstructed packet The client's IP address is sent to the server using an encapsulation protocol, which includes a reassembly packet disassembly unit that changes the destination address of the header of the original packet in the packet to a server IP address and transmits it to the destination Relay system to transmit. The at least one second proxy or bridge router is
Receiving a server prototype packet client IP address is included in the header, the source address of the server prototype packet header, the first change to the proxy IP address, said changed server prototype packet, predetermined encapsulation A protocol is used to attach and encapsulate inside an encapsulated packet consisting of a header and a payload, and a new header whose destination address is the first proxy IP address is added to the encapsulated packet to reconfigure the server Reassemble into packets ,
A server prototype packet including a client IP address in a header is received, and the server prototype packet is attached and encapsulated inside an encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol, A reverse packet reconstructing unit that reconstructs a server reconstructed packet by adding a new header whose destination address is the first proxy IP address to the encapsulated packet ;
A reverse path control unit that transmits the server reconfiguration packet to a destination using a preset path,
The first proxy is
Remove the header of the server reconfiguration packet and transmit to the destination address of the server prototype packet with the changed source address ,
A reverse reconfiguration packet disassembly unit that removes the server reconfiguration packet header, changes the source address of the server original packet header to the first proxy IP address, and transmits the changed server original packet destination address ; The relay system for transmitting a client IP address to a server using the encapsulation protocol according to claim 1. After changing the destination address of the original packet in which the client IP address is included in the header to the server IP address, the changed original packet is encapsulated by the header and the payload using a predetermined encapsulation protocol. A forward packet reconstructing unit that attaches and encapsulates inside a packet, adds a new header to the encapsulated packet, and reconstructs the packet;
A relay apparatus, comprising: a forward path control unit that transmits the reconstructed packet to a destination using a preset path. The forward packet reconstruction unit includes:
After changing the destination address of the original packet in which the client IP address is included in the header to the server IP address, the changed original packet is encapsulated by the header and the payload using a predetermined encapsulation protocol. The relay apparatus according to claim 3 , wherein the relay apparatus is attached to a packet payload and encapsulated, and a new header is added to the encapsulated packet to reconstruct the packet. The forward packet reconstruction unit includes:
The destination address of the original packet whose client IP address is included in the header is changed to a server IP address, and the information included in the header of the changed original packet is included in the data area of the original packet, and the original packet The information included in the data area is encapsulated by attaching to the payload of the encapsulated packet composed of the header and the payload using a predetermined encapsulation protocol, and a new header is added to the encapsulated packet. The relay apparatus according to claim 4 , wherein the packet is reconstructed. The proxy or bridge router connected to the relay device receives a server original packet including a client IP address in the header from the server, and changes the source address of the server original packet to the address of the relay device. The modified server prototype packet is attached and encapsulated inside an encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol, and a packet in which a new header is added to the encapsulated packet is added to the server. When making a reassembled packet,
The server reconfiguration packet is received from the proxy or the bridge router, the header of the server reconfiguration packet is removed, and the modified server original packet is changed using the already set route. The relay apparatus according to claim 3 , further comprising a reverse reconfiguration packet disassembly unit that transmits to a destination address of the server prototype packet . A packet that includes the client IP address is transmitted between the client and the server together with at least one bridge router or proxy as a relay device and transmits the client IP address to the server. Or in the relay device that transmits to the proxy,
The original packet including the client IP address in the header is encapsulated by using a predetermined encapsulation protocol and attached inside the encapsulated packet including the header and the payload, and a new header is added to the encapsulated packet. A forward packet reassembly unit that reassembles the packet by adding,
The reconstructed packet, by utilizing the path of the preset, the not server which is the destination of the original packet, seen including a forward path control unit for transmitting at least one bridge router or proxy, and
The forward packet reconstruction unit includes :
The information included in the header of the original packet whose client IP address is included in the header is included in the data area of the original packet, and the information included in the data area of the original packet is used using a predetermined encapsulation protocol. Then, it is attached to the payload of the encapsulated packet consisting of a header and a payload, encapsulated, a new header is added to the encapsulated packet, and the packet is reconfigured.
The at least one proxy or bridge router is
The header of the reconstructed packet is removed, the original packet inside the encapsulated packet is extracted, the destination address in the extracted original packet header is changed to the server IP address, and then the change And transmitting the modified original packet to the destination of the modified original packet . After receiving the server prototype packet including the client IP address in the header, and changing the source address of the server prototype packet header to the first proxy IP address, the modified server prototype packet is encapsulated in a predetermined encapsulation A reverse packet reconstructing unit that attaches and encapsulates inside an encapsulated packet composed of a header and a payload using a protocol, adds a new header to the encapsulated packet, and reconstructs the server reconstructed packet; ,
A relay apparatus comprising: a reverse path control unit that transmits the server reconfiguration packet to a destination using a preset path. The proxy located between the client and the relay device receives the original packet including the client IP address in the header from the client and changes the destination address of the original packet to the server IP address. The original packet is encapsulated by attaching it to an encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol, and a new header is added to the encapsulated packet to reconstruct the packet. When making a configuration packet,
A forward reconfiguration packet disassembly unit that receives the reconfiguration packet from the proxy, removes the header of the reconfiguration packet, and transmits the modified original packet in the encapsulation packet of the reconfiguration packet to a destination The relay apparatus characterized by further including . In a method for transmitting a client IP address to a server via a relay system,
The first relay device changes the destination address of the original packet in which the client IP address is included in the header to the server IP address;
The first relay device encapsulates the modified original packet by attaching it to an encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol, and a destination address is included in the encapsulated packet. Reassembling the packet with a new header consisting of the server IP address ; and
The first relay device transmits the reconstructed packet to a destination using a preset route;
And a second relay device removing a header of the reconstructed packet, extracting the encapsulated packet, and transmitting the modified original packet in the encapsulated packet to a destination. A method for transmitting an IP address of a client to a server through a relay system using a characteristic encapsulation protocol. The packet reconstruction step includes:
After changing the destination address of the original packet in which the client IP address is included in the header to the server IP address, the changed original packet is encapsulated by the header and the payload using a predetermined encapsulation protocol. The encapsulation protocol according to claim 10 , wherein the encapsulation protocol is attached to a payload of a packet and encapsulated, and a new header whose destination address is a server IP address is added to the encapsulated packet to reconstruct the packet. A method of transmitting a client IP address to a server via a relay system. The packet reconstruction step includes:
The destination address of the original packet whose client IP address is included in the header is changed to a server IP address, and the information included in the header of the changed original packet is included in the data area of the original packet, and the original packet The information included in the data area is attached to an encapsulated packet payload consisting of a header and payload using a predetermined encapsulation protocol, and the destination address is encapsulated from the server IP address in the encapsulated packet. A method for transmitting a client IP address to a server via a relay system using the encapsulation protocol according to claim 11 , wherein the packet is reconstructed by adding a new header. The first relay device encapsulates the original packet in which the client IP address is included in the header by using a predetermined encapsulation protocol, and attaches the packet inside the encapsulated packet including the header and the payload. Reassembling the packet by adding a new header to the packet;
The first relay device transmits the reconstructed packet to a destination using a preset route;
A second relay device removing a header of the reconstructed packet, extracting the encapsulated packet, and changing a destination address of an original packet header in the extracted encapsulated packet to a server address; A method for transmitting an IP address of a client to a server via a relay system using an encapsulation protocol characterized by including: The packet reconstruction step includes:
The original packet including the client IP address in the header is encapsulated by attaching to the payload of the encapsulated packet composed of the header and the payload using a predetermined encapsulation protocol, and a new header is added to the encapsulated packet. 14. The method of transmitting a client IP address to a server through a relay system using the encapsulation protocol according to claim 13 , wherein the packet is reconstructed by adding a packet. The information included in the header of the original packet whose client IP address is included in the header is included in the data area of the original packet, and the information included in the data area of the original packet is used using a predetermined encapsulation protocol. 15. The encapsulation according to claim 14 , wherein the encapsulation is performed by attaching to a payload of an encapsulated packet composed of a header and a payload, and reconfiguring the packet by adding a new header to the encapsulated packet. A method of transmitting a client's IP address to a server via a relay system using a protocol. A first relay device receiving a server prototype packet in which a client IP address is included in a header, and changing a source address of the server prototype packet header to a second relay device IP address;
The first relay device attaches and encapsulates the modified server prototype packet inside an encapsulated packet composed of a header and a payload using a predetermined encapsulation protocol, and sends a destination address to the encapsulated packet. Adding a new header consisting of the second relay device IP address to generate a server reconfiguration packet;
The first relay device transmits the server reconfiguration packet to a destination using a preset route;
Step second relay device, wherein by removing the header of the server reconstructed packet extracts the encapsulated packet, the server prototype packets in the extracted encapsulated packet is transmitted to the destination address of the server prototype packet And a data packet relay method to a client IP address using an encapsulation protocol. The first relay device receives the server prototype packet in which the client IP address is included in the header, and uses the predetermined encapsulation protocol to store the server prototype packet in the encapsulated packet composed of the header and the payload. Attaching and encapsulating, adding a new header whose destination address is the second relay device IP address to the encapsulated packet, and generating a server reconfiguration packet;
The first relay device transmits the server reconfiguration packet to a destination using a preset route;
The second relay device removes the header of the server reconfiguration packet to extract the encapsulated packet, and the source address in the header of the server original packet in the extracted encapsulated packet is determined as the second relay device IP. Changing to an address,
The second relay device includes a step of transmitting the changed server prototype packet to a destination address of the server prototype packet through a preset route, and a data packet to the received client IP address Relay method. A recording medium readable by a processor in which a program for causing a processing device to execute the method according to any one of claims 10, 13, 16, and 17 is recorded.

Images